Tableau eSATA Forensic Bridge T35es-R2 · Tableau eSATA Forensic Bridge T35es-R2 device firmware version Jan 23 2013 12:20:26 using the CFTT Federated Testing Test Suite for Hardware

Tableau eSATA Forensic Bridge T35es-R2

Test Results for Hardware Write Block Device - Federated Testing Suite

October 17, 2018

This report was prepared for the Department of Homeland Security Science and Technology Directorate Cyber Security Division by the Office of Law Enforcement Standards of the National Institute of Standards and Technology.

For additional information about the Cyber Security Division and ongoing projects, please visit the DHS Cyber Security Division website (http://www.dhs.gov/science-and-technology/cyber-security-division).

http://www.dhs.gov/science-and-technology/cyber-security-division

October 2018

Test Results for Hardware Write Block Device: Tableau eSATA Forensic Bridge T35es-R2 Firmware Version Jan 23 2013 12:20:26

Federated Testing Suite for Hardware Write Blocking

..................................................................................................................................... ...............................................................................................................

...... ..................................................................................................................

....................................................................................................................

.................................................................................................................... ....................................................................................................

........................................................................................................ ............................................................................................. ............................................................................................ ..........................................................................................

.................................................................................................... ........................................................................................................

............................................................................................................. ............................................................................................. ............................................................................................ ..........................................................................................

.................................................................................................... ........................................................................................................

................................................................................................. ........................................................................................................

.................................................................................................................... ........................................................................................................... ...........................................................................................................

.................................................................................................................... ...........................................................................................................

.................................................................................................................. ......................................................................................................... .........................................................................................................

.................................................................................................................... ...........................................................................

Contents

Introduction 1 How to Read This Report 2 Test Results for Hardware Write Block Device: Tableau eSATA Forensic Bridge T35es-R2 3 1. Device Description 3 2. Results Summary 3 3. Test Environment 3 4. Test Result Details by Case 3

4.1. FT-HWB-ATA/IDE 3 4.1.1. Test Case Description 3 4.1.2. Test Drive Description 4 4.1.3. Test Evaluation Criteria 4 4.1.4. Test Case Results 4 4.1.5. Case Summary 4

4.2. FT-HWB-SATA 4 4.2.1. Test Case Description 4 4.2.2. Test Drive Description 4 4.2.3. Test Evaluation Criteria 4 4.2.4. Test Case Results 5 4.2.5. Case Summary 5

5. Appendix: Additional Details 6 5.1. FT-HWB-ATA/IDE 6

5.1.1. eSATA 6 5.1.2. FireWire 400 7 5.1.3. FireWire 800 9 5.1.4. USB 2 10

5.2. FT-HWB-SATA 12 5.2.1. eSATA 12 5.2.2. FireWire 400 13 5.2.3. FireWire 800 15 5.2.4. USB 2 16

5.3. Test Setup & Analysis Tool Versions 18

ii

Introduction

The Computer Forensics Tool Testing (CFTT) program is a joint project of the Department of Homeland Security (DHS), the National Institute of Justice (NIJ), and the National Institute of Standards and Technology (NIST) Special Programs Office and Information Technology Laboratory (ITL). CFTT is supported by other organizations, including the Federal Bureau of Investigation, the U.S. Department of Defense Cyber Crime Center, U.S. Internal Revenue Service Criminal Investigation Division Electronic Crimes Program, and the U.S. Department of Homeland Security’s Bureau of Immigration and Customs Enforcement, U.S. Customs and Border Protection and U.S. Secret Service. The objective of the CFTT program is to provide measurable assurance to practitioners, researchers, and other applicable users that the tools used in computer forensics investigations provide accurate results. Accomplishing this requires the development of specifications and test methods for computer forensics tools and subsequent testing of specific tools against those specifications.

Test results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools’ capabilities. The CFTT approach to testing computer forensics tools is based on well-recognized methodologies for conformance and quality testing. Interested parties in the computer forensics community can review and comment on the specifications and test methods posted on the CFTT Web site (https://www.cftt.nist.gov/).

This document reports the results from testing the hardware write blocking f unction of the Tableau eSATA Forensic Bridge T35es-R2 device firmware version Jan 23 2013 12:20:26 using the CFTT Federated Testing Test Suite for Hardware Write Blocking, Version 3.1-1.

Federated Testing is an expansion of the CFTT program to provide forensic investigators and labs with test materials for tool testing and to support shared test reports. The goal of Federated Testing is to help forensic investigators to test the tools that they use in their labs and to enable sharing of tool test results. CFTT’s Federated Testing Forensic Tool Testing Environment and included test suites can be downloaded from NIST's CFTT Federated Testing Project web page (https://www.cftt.nist.gov/federated-testing.html) and used to test forensic tools. The results can be optionally shared with CFTT, reviewed by CFTT staff, and then shared with the community.

Test results from this and other tools can be found on DHS’s computer forensics web page, https://www.dhs.gov/science-and-technology/nist-cftt-reports.

https://www.cftt.nist.gov/

https://www.cftt.nist.gov/federated-testing.html

https://www.dhs.gov/science-and-technology/nist-cftt-reports

https://www.cftt.nist.gov/federated-testing.html

https://www.cftt.nist.gov

https://www.dhs.gov/science-and-technology/nist-cftt-reports

How to Read This Report

This report is organized into the following sections:

1. Tested Device Description. The tool name, version and vendor information are listed.2. Results Summary. This section identifies any significant anomalies observed in the test

runs. This section provides a narrative of key findings identifying where the tool meets expectations and provides a summary of any ways the tool did not meet expectations. Thes

ection also provides any observations of interest about the tool or about testing the tool including any observed limitations on tool use.

3. Test Environment. Description of hardware and software used in tool testing.4. Test Result Details by Case. Automatically generated test results that identify anomalies.5. Appendix: Additional details. Additional details for each test case.

October 2018 Page 2 of 18 Tableau eSATA Forensic Bridge T35es-R2

Test Results for Hardware Write Block Device: Tableau eSATA Forensic Bridge T35es-R2

1. Device Description

Device Name: Tableau eSATA Forensic Bridge T35es-R2 Firmware Version: Jan 23 2013 12:20:26

Manufacturer Contact:

Manufacturer: OpenText Corporation

Address: 1055 E. Colorado Blvd. Pasadena, CA 91106-2375

Tel: (866) 229-9199

WWW: Guidance Software web site (https://www.guidancesoftware.com/)

2. Results Summary

The tested device functioned as expected with no anomalies.

3. Test Environment

Hardware: Custom PC with 12 USB 2, 3 eSATA, 2 FireWire 800 and 3 FireWire 400 ports.

eSATA Forensic Bridge T35es-R2 Firmware Version: Jan 23 2013 12:20:26 Serial Number: 000ecc31 00353174

4. Test Result Details by Case

This section presents test results grouped by case.

4.1. FT-HWB-ATA/IDE 4.1.1. Test Case Description

Test a write blocker’s ability to write-protect an ATA/IDE drive. This test can be repeated to test multiple types of connections (interfaces) between a computer and the write blocker. Test the ability of the write blocker to block write commands from the ATA and SCSI command sets issued from a test computer from modifying an ATA/IDE drive.


https://www.guidancesoftware.com/

4.1.2. Test Drive Description

Manufacturer, model & size of the test drive used for this test: IBM, IC35L040AVER07-0, 40GB

4.1.3. Test Evaluation Criteria

For each computer to blocker connection tested, the number of ‘writes not blocked’ should be 0.

4.1.4. Test Case Results

The following table presents results for the test case.

Test Results for FT-HWB-ATA/IDE Computer to Blocker Connection Write Commands Sent Writes Not Blocked eSATA 36 0 FireWire 400 36 0 FireWire 800 36 0 USB 2 36 0

4.1.5. Case Summary

Test drive unchanged.

4.2. FT-HWB-SATA 4.2.1. Test Case Description

Test a write blocker’s ability to write-protect a SATA drive. This test can be repeated to test multiple types of connections (interfaces) between a computer and the write blocker. Test the ability of the write blocker to block write commands from the ATA and SCSI command sets issued from a test computer from modifying a SATA drive.

4.2.2. Test Drive Description

Manufacturer, model & size of the test drive used for this test: Kingston, SVP100S264G, 64GB

4.2.3. Test Evaluation Criteria

For each computer to blocker connection tested, the number of ‘writes not blocked’ should be 0.



4.2.4. Test Case Results

The following table presents results for the test case.

Test Results for FT-HWB-SATA Computer to Blocker Connection Write Commands Sent Writes Not Blocked eSATA 36 0 FireWire 400 36 0 FireWire 800 36 0 USB 2 36 0

4.2.5. Case Summary

Test drive unchanged.


5. Appendix: Additional Details5.1. FT-HWB-ATA/IDE 5.1.1. eSATA

/usr/lib/cgi-bin/test-hwb Fri Jul 6 09:21:53 2018 @(#) test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14compiled Jun 27 2018 10:56:31 with gcc Version 5.4.0 20160609@(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-ata/ GP WoFat FT-HWB-ata esata ata /dev/sda operator: GPhost: WoFat test case: FT-HWB-ata connection type: esatadrive/media type: atadevice: /dev/sda

Opcode Command Name Status Lba/Sector Result 30h (ATA) WRITE SECTOR(S) Sent 12288 UnchangedCAh (ATA) WRITE DMA Sent 51712 UnchangedCCh (ATA) WRITE DMA QUEUED Sent 52224 UnchangedC5h (ATA) WRITE MULTIPLE Sent 50432 Unchanged31h (ATA) WRITE SECTOR(S) w/o retries Sent 12544

UnchangedCBh (ATA) WRITE DMA w/o retries Sent 51968 Unchanged3Ch (ATA) WRITE VERIFY Sent 15360 Unchanged34h (ATA) WRITE SECTOR(S) EXT Sent 13312 Unchanged39h (ATA) WRITE MULTIPLE EXT Sent 14592 UnchangedCEh (ATA) WRITE MULTIPLE FUA EXT Sent 52736 Unchanged3Bh (ATA) WRITE STREAM EXT Sent 15104 Unchanged35h (ATA) WRITE DMA EXT Sent 13568 Unchanged3Dh (ATA) WRITE DMA FUA EXT Sent 15616

Unchanged36h (ATA) WRITE DMA QUEUED EXT Sent 13824 Unchanged3Eh (ATA) WRITE DMA QUEUED FUA EXT Sent 15872 Unchanged3Ah (ATA) WRITE STREAM DMA EXT Sent 14848 Unchanged38h (ATA) CFA WRITE SECTORS W/O ERASE Sent 14336

UnchangedCDh (ATA) CFA WRITE MULTIPLE W/O ERASE Sent 52480

UnchangedC0h (ATA) CFA ERASE SECTORS Sent 49152

Unchanged0Ah (SCSI) WRITE 6 Sent 2576 Unchanged2Ah (SCSI) WRITE 10 Sent 10768 UnchangedAAh (SCSI) WRITE 12 Sent 43536 Unchanged8Ah (SCSI) WRITE 16 Sent 35344 Unchanged7Fh (SCSI) WRITE 32 Sent 32528 Unchanged2Eh (SCSI) WRITE AND VERIFY 10 Sent 11792 UnchangedAEh (SCSI) WRITE AND VERIFY 12 Sent 44560 Unchanged8Eh (SCSI) WRITE AND VERIFY 16 Sent 36368 Unchanged7Fh (SCSI) WRITE AND VERIFY 32 Sent 32529 Unchanged41h (SCSI) WRITE SAME 10 Sent 16656 Unchanged93h (SCSI) WRITE SAME 16 Sent 37648 Unchanged


Opcode Command Name Status Lba/Sector Result 7Fh (SCSI) WRITE SAME 32 Sent 32530 Unchanged3Fh (SCSI) WRITE LONG 10 Sent 16144 Unchanged9Fh (SCSI) WRITE LONG 16 Sent 40720 Unchanged32h (ATA) WRITE LONG Sent 12800 Unchanged33h (ATA) WRITE LONG w/o retries Sent 13056 Unchanged45h (ATA) WRITE UNCORRECTABLE EXT Sent 17664 Unchanged

36 writes sent, 0 write(s) not blocked, 0 write commands unsupported.

RESULTS: test drive unchanged

run start Fri Jul 6 09:21:53 2018 run finish Fri Jul 6 09:21:53 2018 elapsed time 0:0:0Normal exit

Status Key:Sent - the ioctl used to send this command returned without error and the ATA error bit (if applicable) was not set.Not supported - the ioctl used to send this command return with an error status or the command completed with the ATA error bit set.Test terminated - the test was terminated for dangerous commands because 3 or more previous commands were not blocked.

Result Key:Unchanged - no changes to the test drive were detected. Not Blocked - sending this command resulted in a change to the test drive.This command was NOT blocked! n/a - Not applicable.

5.1.2. FireWire 400

/usr/lib/cgi-bin/test-hwb Fri Jul 6 09:23:54 2018 @(#) test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14compiled Jun 27 2018 10:56:31 with gcc Version 5.4.0 20160609@(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-ata/ GP WoFat FT-HWB-ata firewire400 ata /dev/sda operator: GPhost: WoFat test case: FT-HWB-ata connection type: firewire400drive/media type: atadevice: /dev/sda


UnchangedCBh (ATA) WRITE DMA w/o retries Sent 51968 Unchanged3Ch (ATA) WRITE VERIFY Sent 15360 Unchanged


Opcode Command Name Status Lba/Sector Result 34h (ATA) WRITE SECTOR(S) EXT Sent 13312 Unchanged39h (ATA) WRITE MULTIPLE EXT Sent 14592 UnchangedCEh (ATA) WRITE MULTIPLE FUA EXT Sent 52736 Unchanged3Bh (ATA) WRITE STREAM EXT Sent 15104 Unchanged35h (ATA) WRITE DMA EXT Sent 13568 Unchanged3Dh (ATA) WRITE DMA FUA EXT Sent 15616




Unchanged0Ah (SCSI) WRITE 6 Sent 2576 Unchanged2Ah (SCSI) WRITE 10 Sent 10768 UnchangedAAh (SCSI) WRITE 12 Sent 43536 Unchanged8Ah (SCSI) WRITE 16 Sent 35344 Unchanged7Fh (SCSI) WRITE 32 Sent 32528 Unchanged2Eh (SCSI) WRITE AND VERIFY 10 Sent 11792 UnchangedAEh (SCSI) WRITE AND VERIFY 12 Sent 44560 Unchanged8Eh (SCSI) WRITE AND VERIFY 16 Sent 36368 Unchanged7Fh (SCSI) WRITE AND VERIFY 32 Sent 32529 Unchanged41h (SCSI) WRITE SAME 10 Sent 16656 Unchanged93h (SCSI) WRITE SAME 16 Sent 37648 Unchanged7Fh (SCSI) WRITE SAME 32 Sent 32530 Unchanged3Fh (SCSI) WRITE LONG 10 Sent 16144 Unchanged9Fh (SCSI) WRITE LONG 16 Sent 40720 Unchanged32h (ATA) WRITE LONG Sent 12800 Unchanged33h (ATA) WRITE LONG w/o retries Sent 13056 Unchanged45h (ATA) WRITE UNCORRECTABLE EXT Sent 17664 Unchanged




Status Key:Sent - the ioctl used to send this command returned without error and the ATA error bit (if applicable) was not set. Not supported - the ioctl used to send this command return with an error status or the command completed with the ATA error bit set. Test terminated - the test was terminated for dangerous commands because 3 or more previous commands were not blocked.



5.1.3. FireWire 800

/usr/lib/cgi-bin/test-hwb Fri Jul 6 09:21:33 2018 @(#) test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14 compiled Jun 27 2018 10:56:31 with gcc Version 5.4.0 20160609@(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-ata/ GP WoFat FT-HWB-ata firewire800 ata /dev/sda operator: GPhost: WoFat test case: FT-HWB-ata connection type: firewire800drive/media type: atadevice: /dev/sda



Unchanged36h (ATA) WRITE DMA QUEUED EXT Sent 13824 Unchanged 3Eh (ATA) WRITE DMA QUEUED FUA EXT Sent 15872 Unchanged3Ah (ATA) WRITE STREAM DMA EXT Sent 14848 Unchanged38h (ATA) CFA WRITE SECTORS W/O ERASE Sent 14336



Unchanged0Ah (SCSI) WRITE 6 Sent 2576 Unchanged2Ah (SCSI) WRITE 10 Sent 10768 UnchangedAAh (SCSI) WRITE 12 Sent 43536 Unchanged8Ah (SCSI) WRITE 16 Sent 35344 Unchanged7Fh (SCSI) WRITE 32 Sent 32528 Unchanged 2Eh (SCSI) WRITE AND VERIFY 10 Sent 11792 UnchangedAEh (SCSI) WRITE AND VERIFY 12 Sent 44560 Unchanged8Eh (SCSI) WRITE AND VERIFY 16 Sent 36368 Unchanged7Fh (SCSI) WRITE AND VERIFY 32 Sent 32529 Unchanged41h (SCSI) WRITE SAME 10 Sent 16656 Unchanged93h (SCSI) WRITE SAME 16 Sent 37648 Unchanged7Fh (SCSI) WRITE SAME 32 Sent 32530 Unchanged3Fh (SCSI) WRITE LONG 10 Sent 16144 Unchanged9Fh (SCSI) WRITE LONG 16 Sent 40720 Unchanged


Opcode Command Name Status Lba/Sector Result 32h (ATA) WRITE LONG Sent 12800 Unchanged33h (ATA) WRITE LONG w/o retries Sent 13056 Unchanged45h (ATA) WRITE UNCORRECTABLE EXT Sent 17664 Unchanged






5.1.4. USB 2

/usr/lib/cgi-bin/test-hwb Fri Jul 6 09:23:10 2018 @(#) test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14compiled Jun 27 2018 10:56:31 with gcc Version 5.4.0 20160609@(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-ata/ GP WoFat FT-HWB-ata usb2 ata /dev/sda operator: GPhost: WoFat test case: FT-HWB-ata connection type: usb2drive/media type: atadevice: /dev/sda


UnchangedCBh (ATA) WRITE DMA w/o retries Sent 51968 Unchanged3Ch (ATA) WRITE VERIFY Sent 15360 Unchanged34h (ATA) WRITE SECTOR(S) EXT Sent 13312 Unchanged39h (ATA) WRITE MULTIPLE EXT Sent 14592 UnchangedCEh (ATA) WRITE MULTIPLE FUA EXT Sent 52736 Unchanged


Opcode Command Name Status Lba/Sector Result 3Bh (ATA) WRITE STREAM EXT Sent 15104 Unchanged35h (ATA) WRITE DMA EXT Sent 13568 Unchanged3Dh (ATA) WRITE DMA FUA EXT Sent 15616











5.2. FT-HWB-SATA 5.2.1. eSATA

/usr/lib/cgi-bin/test-hwb Fri Jul 6 09:26:42 2018 @(#) test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14compiled Jun 27 2018 10:56:31 with gcc Version 5.4.0 20160609 @(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-sata/ GP WoFat FT-HWB-sata esata sata /dev/sda operator: GPhost: WoFat test case: FT-HWB-sata connection type: esatadrive/media type: satadevice: /dev/sda






Unchanged0Ah (SCSI) WRITE 6 Sent 2576 Unchanged2Ah (SCSI) WRITE 10 Sent 10768 UnchangedAAh (SCSI) WRITE 12 Sent 43536 Unchanged8Ah (SCSI) WRITE 16 Sent 35344 Unchanged7Fh (SCSI) WRITE 32 Sent 32528 Unchanged2Eh (SCSI) WRITE AND VERIFY 10 Sent 11792 UnchangedAEh (SCSI) WRITE AND VERIFY 12 Sent 44560 Unchanged8Eh (SCSI) WRITE AND VERIFY 16 Sent 36368 Unchanged7Fh (SCSI) WRITE AND VERIFY 32 Sent 32529 Unchanged41h (SCSI) WRITE SAME 10 Sent 16656 Unchanged93h (SCSI) WRITE SAME 16 Sent 37648 Unchanged7Fh (SCSI) WRITE SAME 32 Sent 32530 Unchanged3Fh (SCSI) WRITE LONG 10 Sent 16144 Unchanged


Opcode Command Name Status Lba/Sector Result 9Fh (SCSI) WRITE LONG 16 Sent 40720 Unchanged32h (ATA) WRITE LONG Sent 12800 Unchanged33h (ATA) WRITE LONG w/o retries Sent 13056 Unchanged45h (ATA) WRITE UNCORRECTABLE EXT Sent 17664 Unchanged






5.2.2. FireWire 400

/usr/lib/cgi-bin/test-hwb Fri Jul 6 09:25:49 2018 @(#) test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14compiled Jun 27 2018 10:56:31 with gcc Version 5.4.0 20160609@(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-sata/ GP WoFat FT-HWB-sata firewire400 sata /dev/sda operator: GPhost: WoFat test case: FT-HWB-sata connection type: firewire400drive/media type: satadevice: /dev/sda


UnchangedCBh (ATA) WRITE DMA w/o retries Sent 51968 Unchanged3Ch (ATA) WRITE VERIFY Sent 15360 Unchanged34h (ATA) WRITE SECTOR(S) EXT Sent 13312 Unchanged39h (ATA) WRITE MULTIPLE EXT Sent 14592 Unchanged


Opcode Command Name Status Lba/Sector Result CEh (ATA) WRITE MULTIPLE FUA EXT Sent 52736 Unchanged3Bh (ATA) WRITE STREAM EXT Sent 15104 Unchanged35h (ATA) WRITE DMA EXT Sent 13568 Unchanged3Dh (ATA) WRITE DMA FUA EXT Sent 15616

Unchanged36h (ATA) WRITE DMA QUEUED EXT Sent 13824 Unchanged 3Eh (ATA) WRITE DMA QUEUED FUA EXT Sent 15872 Unchanged3Ah (ATA) WRITE STREAM DMA EXT Sent 14848 Unchanged38h (ATA) CFA WRITE SECTORS W/O ERASE Sent 14336



Unchanged0Ah (SCSI) WRITE 6 Sent 2576 Unchanged2Ah (SCSI) WRITE 10 Sent 10768 UnchangedAAh (SCSI) WRITE 12 Sent 43536 Unchanged8Ah (SCSI) WRITE 16 Sent 35344 Unchanged7Fh (SCSI) WRITE 32 Sent 32528 Unchanged2Eh (SCSI) WRITE AND VERIFY 10 Sent 11792 UnchangedAEh (SCSI) WRITE AND VERIFY 12 Sent 44560 Unchanged8Eh (SCSI) WRITE AND VERIFY 16 Sent 36368 Unchanged7Fh (SCSI) WRITE AND VERIFY 32 Sent 32529 Unchanged41h (SCSI) WRITE SAME 10 Sent 16656 Unchanged93h (SCSI) WRITE SAME 16 Sent 37648 Unchanged7Fh (SCSI) WRITE SAME 32 Sent 32530 Unchanged3Fh (SCSI) WRITE LONG 10 Sent 16144 Unchanged9Fh (SCSI) WRITE LONG 16 Sent 40720 Unchanged32h (ATA) WRITE LONG Sent 12800 Unchanged 33h (ATA) WRITE LONG w/o retries Sent 13056 Unchanged45h (ATA) WRITE UNCORRECTABLE EXT Sent 17664 Unchanged







5.2.3. FireWire 800

/usr/lib/cgi-bin/test-hwb Fri Jul 6 09:27:56 2018 @(#) test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14compiled Jun 27 2018 10:56:31 with gcc Version 5.4.0 20160609@(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-sata/ GP WoFat FT-HWB-sata firewire800 sata /dev/sda operator: GPhost: WoFat test case: FT-HWB-sata connection type: firewire800drive/media type: satadevice: /dev/sda






Unchanged0Ah (SCSI) WRITE 6 Sent 2576 Unchanged2Ah (SCSI) WRITE 10 Sent 10768 UnchangedAAh (SCSI) WRITE 12 Sent 43536 Unchanged8Ah (SCSI) WRITE 16 Sent 35344 Unchanged7Fh (SCSI) WRITE 32 Sent 32528 Unchanged2Eh (SCSI) WRITE AND VERIFY 10 Sent 11792 UnchangedAEh (SCSI) WRITE AND VERIFY 12 Sent 44560 Unchanged8Eh (SCSI) WRITE AND VERIFY 16 Sent 36368 Unchanged7Fh (SCSI) WRITE AND VERIFY 32 Sent 32529 Unchanged41h (SCSI) WRITE SAME 10 Sent 16656 Unchanged93h (SCSI) WRITE SAME 16 Sent 37648 Unchanged7Fh (SCSI) WRITE SAME 32 Sent 32530 Unchanged3Fh (SCSI) WRITE LONG 10 Sent 16144 Unchanged9Fh (SCSI) WRITE LONG 16 Sent 40720 Unchanged


Opcode Command Name Status Lba/Sector Result 32h (ATA) WRITE LONG Sent 12800 Unchanged 33h (ATA) WRITE LONG w/o retries Sent 13056 Unchanged45h (ATA) WRITE UNCORRECTABLE EXT Sent 17664 Unchanged






5.2.4. USB 2

/usr/lib/cgi-bin/test-hwb Fri Jul 6 09:27:22 2018 @(#) test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14compiled Jun 27 2018 10:56:31 with gcc Version 5.4.0 20160609@(#) wrapper.c Linux Version 1.5 support lib created 08/03/17 at 13:05:44@(#) ataraw.c Linux Version 1.3 support lib created 08/03/17 at 13:05:44@(#) ataraw.h Linux Version 1.3 created 08/03/17 at 13:06:12cmd: /usr/lib/cgi-bin/test-hwb -bh -p /media/cftt/FT-LOGS/FT-HWB-sata/ GP WoFat FT-HWB-sata usb2 sata /dev/sda operator: GPhost: WoFat test case: FT-HWB-sata connection type: usb2drive/media type: satadevice: /dev/sda

Opcode Command Name Status Lba/Sector Result 30h (ATA) WRITE SECTOR(S) Sent 12288 UnchangedCAh (ATA) WRITE DMA Sent 51712 UnchangedCCh (ATA) WRITE DMA QUEUED Sent 52224 UnchangedC5h (ATA) WRITE MULTIPLE Sent 50432 Unchanged 31h (ATA) WRITE SECTOR(S) w/o retries Sent 12544

UnchangedCBh (ATA) WRITE DMA w/o retries Sent 51968 Unchanged3Ch (ATA) WRITE VERIFY Sent 15360 Unchanged34h (ATA) WRITE SECTOR(S) EXT Sent 13312 Unchanged39h (ATA) WRITE MULTIPLE EXT Sent 14592 UnchangedCEh (ATA) WRITE MULTIPLE FUA EXT Sent 52736 Unchanged


Opcode Command Name Status Lba/Sector Result 3Bh (ATA) WRITE STREAM EXT Sent 15104 Unchanged35h (ATA) WRITE DMA EXT Sent 13568 Unchanged3Dh (ATA) WRITE DMA FUA EXT Sent 15616











5.3. Test Setup & Analysis Tool Versions

Version numbers of tools used are listed.

Setup & Analysis Tool Versions test-hwb.c Linux Version 1.4 created 06/27/18 at 10:56:14

Tool: @(#) ft_hwb_prt_test_report.py Version 1.2 created 04/26/18 at 10:11:19 OS: Linux Version 4.13.0-37-generic Federated Testing Version 3.1-1, released 06/27/2018

Documents

Tableau eSATA Forensic Bridge T35es-R2 · Tableau eSATA Forensic Bridge T35es-R2 device firmware version Jan 23 2013 12:20:26 using the CFTT Federated Testing Test Suite for Hardware